GLOSSARY 


access control list (ACL) — A list associated with 
an object that defines the rights that groups and 
individuals have to the object. The ACL is used by 
the Security Reference Monitor to protect objects 
from unauthorized access. 


access token — An identifier given to an object 
upon its creation. Based on the identity of the 
person who created it (or who created the object 
that created it), an object has certain rights, which 
are listed in its access token. The Security 
Reference Monitor compares the data in the 
access token with that required by the ACL to 
determine what kind of access the object may 
have to a particular object. 


Active Directory — A hierarchical directory data- 
base used in Windows 2000 to store all object 
information, including information about users, 
groups, and computers. 


Active Directory domain — A logical domain of 
Windows 2000 computers that share the same 
security and user information. 


Active Directory-integrated zone — A zone that 
allows for Active Directory security to control 
replication of the database information. 


active/active cluster — A type of cluster found in 
Windows 2000 Advanced Server and Windows 2000 
Datacenter in which both nodes in the cluster are 
serving client requests all the time. If one node fails, 
the cluster service moves its resources to the other 
node and the second node manages both workloads. 
The two nodes do not have to be identical. 


active/standby cluster — A type of cluster in 
which one node is serving client requests and the 
other is dormant, or doing work that may be 
discarded. When the active node fails, the cluster 
service moves its resources to the standby node, and 
the standby node drops whatever it had been doing 
and takes over the active server’s workload. The two 
nodes do not have to be physically identical. 


Add/Remove Hardware Wizard — A Control 
Panel applet introduced in Windows 2000 that was 
badly missed in Windows NT. This applet allows the 
operating system to detect and install new hardware 
devices. 


Address (A) resource record — An address reso- 
lution from a regular name to a TCP/IP address. 


address translation — The act of converting virtual 
addresses to physical addresses. This conversion is 
necessary because the operating system deals entirely 
in virtual addresses, leaving physical memory 
addresses to hardware. The two types of addresses 
don’t necessarily bear any relation to each other. 


Advanced Configuration and Power Interface 
(ACPI) specification — Defines Advanced 
Power Management features and is an integral part 
of the OnNow system built into Windows 2000. 
For more information, see the Microsoft Web site: 
http://www.microsoft.com/hwdev/onnow/. 


Advanced Options menu — An alternative boot 
menu (accessible by pressing F8 when the boot 
menu is displayed) from which you can access the 
various specialized start modes available for trou- 
bleshooting purposes. 


Advanced Power Management (APM) — The 
legacy specification that implements power man- 
agement in machine-specific BIOS code. 


affinity — The term used when a process is set up 
to prefer using one processor over another. 


AppleTalk Remote Access Protocol (ARAP) — 
A protocol that allows Apple Macintosh comput- 
ers to connect to a remote access server. 


Application layer — The layer of the OSI model that 
allows access to networking services. 


application license — A license that allows you to 
run a particular application. 


Application log — Records application events, 
alerts, and system messages. 


application programming interface (API) — 
The entire set of DLLs that an environmental sub- 
system supports to request kernel-mode services. 


application service provider (ASP) — A service 
running applications from a terminal server and 
making them available to anonymous users via the 
Internet for a fee. 


archive attribute — A simple attribute that identi- 
fies a file as having changed since the last full 
backup. 


archive bit — An attribute that allows the backup 
program to determine which files have been mod- 
ified. Any file that has the archive bit set has been 
modified. 


assigned software — Software that is installed auto- 
matically when a user reboots his or her computer. 
The feature is often used for software patches and 
service packs. 


attribute — A characteristic associated with a file 
object (file or folder). Different file systems have 
different attributes. 


authentication — The process that a computer 
undertakes to determine that you are who you say 
you are. 


authoritative restore — A method of restoring the 
Active Directory information to make sure that it 
is the most recent copy of the information and 
the one that should be propagated throughout 
the domain. 


Automatic Caching for Documents — The 
caching option that automatically caches only 
those files that are accessed by the user. This set- 
ting does not cache the entire contents of the 
directory, nor does it require user intervention. 


Automatic Caching for Programs — The 
caching option that automatically copies the entire 
contents of the folder to the user’s local cache. 


background application — An application that is 
running but not currently receiving user input. 


backup domain controller (BDC) — A 
Windows NT Server that maintains a read-only ver- 
sion of the directory database to authenticate users. 


balance set manager — The part of Win2K 
responsible for trimming process working sets to 
free physical memory as well as for identifying 
low-priority threads that aren’t receiving 
CPU cycles. 


base priority — The priority with which a thread 
starts after its creation. The base priority of a 
thread is always equal to that of the process that 
created it. 


basic disk — A disk that has been partitioned and 
formatted using Windows NT 4.0. Basic disks can 
support primary and extended partitions as well as 
logical disks. 


basic storage — A hard disk designed to support 
primary and extended partitions and logical drives. 
Any operating system can recognize disks set up to 
use basic storage. 


batch jobs — Sequences that are submitted for exe- 
cution on a computer as a single task. 


batch system — A runtime environment in which 
one program or application follows another in 
sequence. 


bit mask — The result of an XOR function. The bit 
mask contains a 1 for every mismatch between 
numbers and a 0 for every match. 


boot failures — Problems that occur between 
powering up a computer and the logon prompt 
display. 


boot logging — An advanced option that boots the 
computer normally but lists all files loaded during 
the boot process, saving the list in a file called 
Ntbtlog.txt. Boot logging is enabled by default 
when you boot to any form of Safe Mode. 


boot partition — On a Windows 2000 system, the 
partition that contains the main operating system 
directory and the pagefile. The boot partition can be 
the same as the system partition, but most often is 
located elsewhere, either on the same drive or on a 
different physical drive. 


boot sector — An area at the beginning of each 
partition that names the files to be loaded to run 
the operating system stored on that partition. 


boot virus — Malicious software that targets the 
master boot record of a disk to make the disk 
unbootable. Until the advent of macro viruses, 
boot viruses were the most common virus type. 


Boot.ini — A file that defines the host partitions and 
the primary executables of the operating systems 
present on the computer. Boot.ini also defines the 
default operating system that loads when the cus- 
tomizable boot menu display timer expires. 


Bootsect.dos — On a multiboot system with another 
Microsoft, clone, or near-equivalent operating sys- 
tem such as DOS or Windows 95/98, a file that is 
used to establish a start-up environment more con- 
ducive to these older Microsoft operating systems. 


bootstrapping — The initialization process that a 
computer goes through to inspect its hardware and 
locate the boot files for an operating system on 
the active partition of a hard drive. 


bootstrapping files — Computer files required to 
initiate loading and launching an operating system. 
Also called boot files. 


breaking the mirror set — Reverting both halves 
of a mirror set to independent simple volumes. 


broadcast — The signal sent across the network by a 
resource to notify users of its availability. 


bus class driver — One of the native 
Windows 2000 driver layers, which provides all 
basic driver functionality for bus devices. 


bus minidriver — A small device driver that imple- 
ments manufacturer-specific features not included 
in the bus class driver. It works in conjunction 
with the bus class driver. 


Canonical Name — An alias that can be assigned 
to a TCP/IP host. 


CardBus — A high-speed bus specification based on 
the PCMCIA technology found on laptop com- 
puters. This hardware interface supports PC Card 
peripheral technologies. 


central processing unit (CPU) — The “brains” of 
the computer. The components that complete 
most of the calculations on a system. 


certificate — A portable method of authentication 
that demonstrates the identity of a user or ser- 
vice. Certificates are files that may be imported 
or exported, so you can move or copy them if 
necessary. 


certificate authority — A server entrusted with the 
task of creating certificates for users and services. 


change journal — A list of all changes made to files 
in the volume. Some Windows 2000 functions, 
such as the remote storage service, can refer to the 
change journal to know when to do their jobs. 
The change journal is a more efficient way of 
looking for changes than browsing the volume 
looking for the desired difference. 


ciphertext — Encrypted data. 


Circular Logging — A process by which older log 
files are overwritten as the current log file fills to 
capacity. When this option is enabled, the ability to 
recover data from the logs is greatly reduced. 

client — The computer or user that requests infor- 
mation from a server. 


client access license — A type of license that per- 
mits the holder to access a server from the network. 


cluster — A logical grouping of sectors, with the 
number of sectors per cluster depending on the 
size of the partition and the file system being 
used. A cluster is the smallest storage unit that 
Windows 2000 file systems can recognize. 


cluster resource — An object that can be moved 
between servers in a server cluster. 


cluster service — A Windows 2000 service running 
on all nodes of a cluster, facilitating communica- 
tion and failover between nodes. 


clustering — A technique that involves logically 
combining two or more servers for redundancy. 


clustering — The ability of multiple servers to func- 
tion as a single, logical server. A clustering facility 
allows tasks and threads to be distributed among 
the servers in a cluster in much the same way that 
an operating system that supports multiple CPUs 
distributes threads and tasks on a single multi- 
processor machine. 


command language — A collection of terms that 
allow a user to tell the operating system what to do. 


committed memory — Memory allocated to a 
process that is backed with the necessary amount 
of space in the paging file. Processes must commit 
memory before they can store data in it. 


Computer Information File (CIF) — A detailed 
collection of all information related to the hard- 
ware and software products that make up your 
computer (and even your entire network). 


console license — A type of license that comes 
with an operating system and represents permis- 
sion to install the operating system on a single 
machine and use it from that machine. 


context — The information describing the operating 
environment for all threads in a particular process. 


context switch — The action that takes place when a 
processor switches from kernel mode to user mode. 


context switching — The act of setting aside one 
thread’s context for that of another thread, when 
the second thread starts using the CPU. 


context switching — The process of saving the 
state of the running task, loading the state of the 
pending task, and then starting execution of that 
pending task. 


control object — A kernel object that controls var- 
ious operating system functions, such as running 
the kernel process. 


control set — A hardware-profile-specific collection 
of boot process parameters. 


cooperative multitasking — A type of multitask- 
ing in which all applications in turn get some 
CPU time and are supposed to relinquish the 
processor when their time is up. 


copy backup — A backup method that copies the 
data to the backup media without changing the 
archive bit of the files. 


copy backup — A type of backup that works like a 
normal backup in that it copies all selected files to 
the backup media, regardless of whether the 
archive bit is set. A copy backup does not reset the 
archive bit. 


copy-on-write data sharing — A form of shared 
memory protection. Copy-on-write allows multi- 
ple processes to read the same bit of data stored in 
physical memory. If one of the processes attempts 
to change the data, however, the Virtual Memory 
Manager copies the edited data to a new location 
and the process uses the copy. This approach keeps 
the editing process from corrupting the data that 
other processes are using. 


core system files — Those files that make up the core 
components of an operating system. If these files 
become corrupted or damaged, the operating system 
cannot function. 


cycles — Discrete chunks of time that the CPU can 
dedicate to any given application’s needs. 


cyclic redundancy check (CRC) — A mathemat- 
ical recipe that generates a specific value, called a 
checksum, based on the contents of a data frame. 
The CRC is calculated before a data frame is 
transmitted and then is included with the frame; on 
receipt, the CRC is recalculated and compared 
with the sent value. If the two agree, the data frame 
is assumed to have been delivered intact; if they 
disagree, the data frame must be retransmitted. 


cylinder — All of the parallel tracks on all surfaces. 
For example, Track 10 on all surfaces creates 
Cylinder 10 for the disk. 


daily backup — A type of backup that copies only 
those files that have changed on the day of the 
backup. 


Data Link layer — The layer of the OSI model 
that uses the hardware address of the system to 
communicate. 


data stream — Chunks of data that may be associ- 
ated with more than one file. Data streaming 
allows you to deal with several distinct pieces of 
data as one unit. 


Dcpromo.exe — The Active Directory Installation 
Wizard, which is found in the windir\system32 
directory. This wizard allows you to install your 
server as a domain controller or to remove it 
as one. 


debugging mode — A mode that starts 
Windows 2000 normally while sending debugging 
information through a serial cable to another com- 
puter. It is useful when you want to examine the 
boot process carefully. 


default gateway — A device (a multihomed com- 
puter or a router) that can communicate between 
two different networks. 


delegation of administration — A Windows 2000 
feature that allows you to implement users having 
different permissions. For example, you can create 
an organizational unit and assign an administrator 
who will have the right to modify the objects 
within that organizational unit, but not in organi- 
zational units that exist above it. 


deleting the mirror set — Removing the mirror 
set volume and thus discarding all of its data. 


device class driver — A layer of built-in device 
support that implements basic support for a class 
of hardware, such as modems. A device class driver 
supports all generic or standard features of a par- 
ticular type of peripheral, thereby easing the devel- 
opment burden for hardware manufacturers. 


device class driver — A piece of software that sup- 
plies basic driver interfaces and functions that define 
broad parameters for specific types of devices. 


device driver — A kernel-mode module that acts as 
a go-between for the I/O subsystem and the hard- 
ware abstraction layer. 


device driver interfaces (DDIs) — Interfaces that 
define how device drivers interact with the oper- 
ating system components, such as OnNow. 


Device Manager — An internal Windows 2000 
device management routine that handles enumer- 
ation, Plug and Play configuration, and device 
support. 


device minidriver — A small device driver that 
implements manufacturer-specific features not 
included in the device class driver. It works in 
conjunction with the device class driver. 


DFS link — A pointer to an additional share 
included in the DFS configuration. 


DFS root — The local server share that acts as the 
starting point for users to access resources on the 
DFS share. 


DHCP lease — An IP address, subnet mask, and 
optional parameters that are given to a DHCP 
client for a configured amount of time. 


DHCP scope — A logical grouping of TCP/IP 
addresses that can be assigned to DHCP clients by 
the server. 


differential backup — A backup method that backs 
up all data added or modified since the last full 
backup. This method resets the archive bit. 


differential backup — A type of backup that copies 
to the backup media every selected file that has the 
archive bit set, but does not reset the archive bit. 


Directory Service log — Records events related to 
the Directory Service. 


Directory Services Restore Mode — An 
advanced boot option that allows you to verify 
that the Active Directory has been restored from 
backups successfully. 


disk duplexing — A mirror set that incorporates 
two disks attached to different disk controllers, so 
they are not affected by controller failure. 


disk duplication — A feature that allows for the 
duplication of system hard drives for use with 
third-party disk imaging software. 


disk mirroring — A RAID type that combines 
space on two physical disks to create a mirror 
image; that is, when data are written to one disk, 
the same information is written to the other disk. 


disk quotas — A feature available with 
Windows 2000 Server’s new NTFS file system 
(Version 5). As an administrator, you can now assign 
users quotas on folders, volumes, or disks. This fea- 
ture ensures that a single user does not monopolize 
the hard disk space that exists on your server. 


disk quotas — A method of preventing users from 
using more than a predetermined amount of space 
in a volume. When a user exceeds his or her 
quota, he or she will be denied write access to the 
volume until some files have been deleted to go 
below the quota. 


disk striping with parity — See RAID 5 volume. 


dispatcher — A set of routines in the Win2K kernel 
that governs thread scheduling. 


DNS Service log — Records events related to the 
DNS Service. 


domain — A group of computers that shares a cen- 
tralized security database. 


domain controller — A Windows 2000 Server 
that authenticates users in a Windows 2000 
network. 


domain controller — The computer that stores the 
domain’s security database. A domain can have 
more than one domain controller to ease the bur- 
den of authenticating users. 


Domain Name Service (DNS) — A dynamic 
method for resolving TCP/IP addresses to 
Internet names, and vice versa. 


Dr. Watson — Windows 2000’s application error 
debugger. This diagnostic tool detects application 
failures and logs diagnostic details. 


driver stack — The entire device driver layer in 
Windows 2000, including the HAL, bus class and 
minidrivers, and device class and minidrivers. 


duplexed volume — A volume that uses two disks 
on two separate controllers. The data are written 
to both disks at the same time. 


dynamic disk — A new type of disk introduced 
with Windows 2000. It allows for an unlimited 
number of volumes to be created on a single disk. 


Dynamic Host Configuration Protocol 
(DHCP) — A protocol that allows for the auto- 
matic configuration of TCP/IP properties for 
clients. 


dynamic link library (DLL) — A specific set of 
function calls that allows executable routines to be 
stored as files and to be loaded only when needed 
by a program that calls them. 


dynamic routing — The process used by routers to 
dynamically learn about the routes that they can 
take to connect to remote networks. 


dynamic storage — A new type of storage in 
Windows 2000 that designs disks to support 
multidisk volumes. Volumes on dynamic disks may 
be added, resized, and deleted without rebooting. 


Emergency Repair Disk (ERD) — A floppy disk 
that you can create with Windows 2000 Backup 
and that you can use to restore a previously saved 
set of configuration information (stored in 
%systemroot%\repair\regback). The ERD does not 
contain any configuration settings itself, just the 
files needed to restore the information saved on 
the hard disk. 


emulation — A mechanism by which an environ- 
mental subsystem supports applications for which 
it doesn’t have an API. 


Encrypted File System (EFS) — A system for 
encrypting files on a Windows 2000 system to 
protect them from unauthorized access. Intended 
mainly for people with laptops and for removable 
storage that’s vulnerable to theft. 


encryption — A blanket term for any method of 
systematically obscuring the meaning of data by 
applying an encryption key to it. 

End User License Agreement (EULA) — Paper 
or software text accompanying software that 
defines the conditions under which the licensee 
may use the software. 


enumeration — The process by which Plug and 
Play adapters are recognized by the operating sys- 
tem and a device tree is built. 


environmental subsystem — The part of an oper- 
ating system that provides an interface to the func- 
tions that an application needs to support user 
requests. Win2K supports three environmental 
subsystems: Win32, POSIX 1.0a, and OS/2 1.0. 


Event Viewer — The utility used to view the three 
logs automatically created by Windows 2000. 


exclusive OR (XOR) arithmetic — The function 
that RAID 5 volumes use to calculate the parity 
information for their data. When calculating the 
XOR for two binary numbers, you compare them 
side by side. The result will have a 0 in every place 
where the numbers match and a 1 in every place 
where they do not. 


executable image — The name of an application or 
a logical construct for the processes and threads 
that actually execute the application. 


executive services — The collection of all interme- 
diary and management components for all 
resources, security, and communications in the 
Windows 2000 environment. User-mode processes 
do not actually interact with executive services; 
rather, they interact with APIs defined for their 
application subsystems. The virtual machine in 
which the calling application runs then redirects 
such API calls to the kernel, where they are routed 
to the appropriate executive service. 


extended partition — A disk partition on a basic 
disk that’s designed to hold logical drives. 
Extended partitions can’t hold any data on their 
own—they’re just areas of free space in which you 
can create logical drives. A hard disk may hold one 
extended partition, but you can make as many 
logical drives within that partition as you like. 


FAT (file allocation table) — A catalog at the 
beginning of a volume that notes each file and 
folder in the volume and lists the clusters in which 
each file is stored. 


FAT16 — A file system first used with DOS and 
supported in Windows 2000 for compatibility 
reasons: only Windows 2000 can read NTFS 
volumes, so if you need to support dual-boot 
machines or write data to floppy disks, you need 
FAT. FAT16 uses a 16-bit addressing scheme for 
clusters and can support only fairly small volumes 
without wasting space from overlarge clusters, but 
it has little overhead. 


FAT32 — A version of FAT that uses a 32-bit 
addressing scheme, so that it can address more 
clusters than FAT16. 


fault tolerance — An aspect of an operating system 
that ensures high availability of both user and sys- 
tem data and of the computing resources. 


fault-tolerant cluster — A cluster type in which 
two physically identical nodes operate in tandem, 
performing the same functions. If one node fails, 
the other takes over for it almost instantly because 
no resource transfer is needed. 


fault-tolerant volume — Any volume designed to 
reduce the risk of data loss due to disk failure. 
Fault-tolerant volumes either keep a copy of data 
or maintain information from which that data may 
be regenerated. 


File Replication Service log — Records events 
related to the File Replication Service. 


file system — A method of logically organizing the 
physical disk space in a partition for use by the 
operating system. Different file systems catalog data 
differently and support different file attributes. 


file system cache — A range of virtual memory 
addresses reserved for storing recently used data 
related to storage I/O. 

file system driver — A device driver that translates 
file-oriented I/O requests for the hardware 
abstraction layer to pass to storage media. 

filter driver — A device driver that intercepts file 
I/O requests and processes the request to make it 
intelligible to the receiving device. 


First In, First Out (FIFO) — An algorithm that 
marks the oldest data in RAM to be sent to the 
paging file. The balance set manager uses this algo- 
rithm on Alpha and multiprocessor x86 computers. 


foreground application — The application cur- 
rently receiving user input. 


forest — A collection of two or more trees with 
noncontiguous namespace. 


forward lookup zone — The zone in charge of 
Internet name to TCP/IP address resolution. 


frame — The basic package of bits that represents a 
protocol data unit (PDU) sent from one computer 
to another across a network. In addition to its 
contents, a frame includes the sender’s and receiv- 
er’s network addresses as well as control informa- 
tion at the head and a CRC at the tail. 


free space — An area of an extended partition not 
yet made into a logical drive. 


full backup — A backup method that completely 
backs up the data to the backup media and resets 
the archive bit. 


Full Zone Transfer (AXFR) — A complete trans- 
fer of all zone information from the primary site 
to the secondary sites. 

function call — A predefined request for a kernel- 
mode action that the environmental subsystem can 
call at the request of an application. 


Gateway Services for NetWare (GSNW) — A 
service that allows multiple Windows clients to 
access file and print resources on one or more 
Novell NetWare servers without the need to 
reconfigure all clients to log into the NetWare 
network. 


Grandfather/Father/Son (GFS) — A backup 
scheme that uses a monthly normal backup, a 
weekly normal backup, and a daily incremental or 
differential backup to create a three-month record 
of server data. 


group — A collection of like cluster resources that 
the cluster service can manage as a group. 


group policies — A service that allows an adminis- 
trator to control the amount of access that users 
have to applications and systems based on the 
users’ permissions. 


group policies — Policies that control the security 
settings for computers and users in the domain. 


groupware — Multiuser applications that come 
with a group license and are used by several peo- 
ple simultaneously, such as e-mail servers. 


handle — A connection to an object that allows one 
object to manipulate another. 


hardware abstraction layer (HAL) — The only 
module of Windows 2000 that is hardware- 
specific. The HAL is built to match the type and 
state of the hardware during installation. 


hardware address — See Media Access Control 
(MAC) address. 


hardware device driver — A module that writes data 
to or retrieves data from a physical device or net- 
work, manipulating the hardware via the hardware 
abstraction layer. 


hardware devices — Physical hardware, features, 
and interfaces installed in a PC. 


head — The read-write mechanism in a disk. Each 
surface has its own head. 

helper — Parts of the operating system that allow 
applications to communicate with hardware. 
Originally, these parts were lumped together in a 
single unit and communicated with each other in a 
separate area of memory, away from applications. 


hidden attribute — A simple attribute that hides a 
file. If the hidden attribute is set, the file will not 
show up in a DIR listing of the folder’s contents, 
or in Windows Explorer unless hidden files are 
visible. 


hive — A section of the Registry that is stored in a 
separate file. Hives are permanent structures that 
are saved each time the system is shut down, and 
reloaded each time the system is powered up. 


HKEY_CLASSES_ROOT — A Registry key that 
contains the value entries that control the relation- 
ships between file extensions (and therefore file for- 
mat types) and applications. It also supports the data 
used in object linking and embedding (OLE), COM 
object data, and file-class association data. This key 
actually points to another Registry key named 
HKEY_LOCAL_MACHINE\Software\Classes, 
and it provides multiple points of access to make 
itself easily accessible both to the operating system 
itself and to applications that need access to compat- 
ibility information. 


HKEY_CURRENT_CONFIG — A Registry key 
that contains the value entries that control the 
currently active hardware profile. Its contents are 
built each time the system is started. This key is 
derived from data stored in the 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\HardwareProfiles 
subkey. It provides backward compatibility with 
Windows 95/98 applications. 


HKEY_CURRENT_USER — A Registry key that 
contains the value entries that define the user 
environment for the currently logged-on user. It is 
built each time a user logs onto the system. The 
data in this key are derived from the 
HKEY_USERS key and the Ntuser.dat/.man file 
of a user’s profile. 


HKEY_LOCAL_MACHINE — A Registry key 
that contains the value entries that control the 
local computer, including its hardware devices, 
device drivers, and various operating system com- 
ponents. The data stored in this key are not depen- 
dent on a logged-on user or the applications or 
processes currently in use. 


HKEY_USERS — A Registry key that contains the 
value entries that define the user environments for 
all users who have ever logged into this computer. 
When a new user logs into the system, a new sub- 
key is added for that user which is either built 
from the default profile stored in this key or con- 
structed from the roaming user profile associated 
with the domain user account. 


hot fix — Similar to a service pack, except that it 
addresses only a single problem, or a small number 
of problems, and may not be fully tested. 


human interface device class — One of the 
Windows 2000 driver classes devoted to handling 
input devices such as mice, keyboards, and game 
controllers. 


idle thread — A low-priority thread that runs 
whenever no other threads are running on the 
CPU. The idle thread watches for events that will 
require CPU time, but doesn’t actually do any- 
thing with the CPU itself. 


IEEE 1394 Serial Bus (FireWire) — A high-speed 
serial bus that supports 63 devices per bus, allows 
interconnection of 1023 buses, and features auto- 
matic device recognition. 


in-place upgrade — An upgrade to Windows 2000 
in which all current domain configurations are 
maintained. 


incremental backup — A type of backup that 
copies to the backup media every selected file that 
has the archive bit set and then resets the archive 
bit to show that the file has been backed up. 


incremental backup — A type of backup that will 
back up all data added or modified since the last 
backup without resetting the archive bit. 


Glossary 9 


Incremental Zone Transfer (IXFR) — A partial transfer of modified zone information between the primary and secondary sites.


index — A list of all files in a folder in an 
NTFS volume. 


individual device driver — A device- and model-specific program that defines the exact capabilities and functions of a particular device down to the make and model level, and allows the operating system to access the device’s functions.


interactive logon — The act of typing your name 
and password into the login screen of a 
Windows 2000 computer. 


Internet client license (ICL) — A type of license that permits an anonymous user to log onto a terminal server via the Internet. ICLs are restricted for anonymous use; people with domain accounts can’t use them.


Internet Information Services (IIS) — Microsoft’s Web Services software that is included with Windows 2000 and is used to make information available on the World Wide Web.


Internet Printing Protocol (IPP) — A new protocol that allows clients to connect to a printer that is connected to a Windows 2000 network using a URL, to download and install drivers over the Internet, and to view the printer status in a Web browser, such as Internet Explorer.


Internet Protocol Security (IPSec) — A new, 
secure, industry standard implementation of the 
popular TCP/IP protocol. 


Internet Services Manager (ISM) — The application used to manage and maintain IIS applications.


Internetwork Packet Exchange/Sequenced 
Packet Exchange (IPX/SPX) — A protocol 
developed by Novell for its NetWare operating 
system. It may be used in routed environments. 


interrupt request (IRQ) — A special, high-priority communications channel through which a hardware device informs the CPU that it needs to perform some action or respond to some condition.




job — A collection of processes with certain common characteristics, such as the working set and the amount of CPU time that the threads in the process get.


Kerberos — The native Windows 2000 authentication protocol. Kerberos relies on a system of shared secrets for mutual authentication of client and server.


Kerberos security — An industry standard form 
of security authentication that is used by 
Windows 2000. 

kernel mode — A processing mode that gives complete access to all writable addresses in the system process area. Kernel objects run in kernel mode. Because this mode allows access to the operating system, only code that must interact with the operating system directly runs in kernel mode.

kernel object — An object that exists only in kernel mode and with which the kernel manipulates executive-level objects such as processes and threads. Kernel objects contain no security information or other attributes, so they don’t incur the same kind of policy-based overhead that executive objects do.

key — A top-level division of the Registry. The 
Windows 2000 Registry contains five keys. Each 
key can contain subkeys. 

key — An algorithm used to encrypt or decrypt 
data. Sometimes, the same key may do both; at 
other times, the encryption key may be different 
from the decryption key. 

Key Distribution Center (KDC) — A secure server in a Windows 2000 domain that’s responsible for generating the cryptographic keys and tickets that are the basis of Kerberos security.

Last Known Good Configuration — The configuration settings that were in place the last time you successfully booted Windows 2000. You can choose to load these settings if you boot from the Advanced Options menu and choose Last Known Good from the menu.

Last Known Good Configuration (LKGC) — A 
configuration recording made by Windows 2000 
of all Registry settings that exist at the time when 
a user successfully logs onto the computer. 


launch — The process of executing an application. 


Layer Two Tunneling Protocol (L2TP) — A protocol that relies on other encryption methods (such as IPSec) for communication. It creates the secure connection, but other methods of encryption must be used.


Least Recently Used (LRU) — An algorithm that 
marks the least recently used data in RAM to be 
sent to the paging file. The balance set manager uses 
this algorithm on single-processor x86 computers. 


legacy virtualization drivers layer — A layer in 
the driver stack that supports legacy VxD-style 
device drivers. 


load balancing — Distributing client requests 
among grouped (but not necessarily clustered) 
servers so that the least busy server always services 
the next client request. 


local area network (LAN) — A group of computers that are connected to form a network within a small area, such as a floor or a building.


local print device — A printing device directly 
connected to the computer. 


local procedure call (LPC) facility — The 
Win2K messaging mechanism that allows client 
and server processes to communicate. 


Local Security Authority (LSA) — The component that checks whether a user logging on has an account on a local or a trusted domain. When you are logging onto another domain, the LSA must communicate with that domain’s domain controller to see whether the domain controller has an account for you in its security database.


local user profile — A user profile stored on the local computer; the default setting for all user profiles. Local user profiles exist on a per-computer basis, so a user may have different environment settings depending on which computer he or she logs onto. Changes to the profile are saved to the local computer when the user logs off.


logical drive — A formattable division of an 
extended partition, created from an area of free 
space. An extended partition may hold as many 
logical drives as you like. 


Mail Exchanger — A DNS record used to resolve 
which server in the domain takes charge of e-mail. 


mandatory user profile — A roaming user profile 
that is not user-definable. If the user changes the 
environment settings, those changes are not saved 
at logoff. A mandatory user profile has a .man 
extension. 


Manual Caching for Documents — The caching 
setting that requires users to manually transfer files 
to be used offline from the server to their local 
computer; this is the default setting for shares. 


master boot record (MBR) — A file stored in the 
first sector of a hard disk. It contains the partition 
table and links to the boot sectors for all partitions. 


master boot record (MBR) — The area of a hard 
drive that contains the data structure that initiates 
the boot process. 


master boot record (MBR) — The section on a 
hard drive where the partition table and other key 
descriptive information are stored. 


master file table (MFT) — A file in each NTFS 
volume that contains a 2 KB entry for each file and 
folder in the volume. If the file plus all attributes 
(including the data attribute) is smaller than 2 KB, 
then it may be stored in the MFT itself; otherwise, 
the file’s entry in the MFT contains a pointer to the 
rest of the file’s attributes that wouldn't fit. 


master zone — See standard primary zone. 


Media Access Control (MAC) address — A 
unique number that is assigned to each network 
device. It ensures that no two devices exist with the 
same addressing information. 


metropolitan area network (MAN) — A network of computers that exist within the same metropolitan area, such as a city.


mirror set — A fault-tolerant volume that exists in 
two identical, linked volumes on two dynamic 
disks. When you write data to a mirror set, the 
information is written to both volumes so that if 
one disk fails, the data will be recoverable from the 
other volume. 


mirror set — The name for the combined disk 
space that is turned into a disk mirror. 




mirrored volume — A volume on a dynamic disk that uses two disks and writes the same data to both of them.


mixed mode — A mode in which Windows 2000 
runs so as to maintain backward compatibility 
with Windows NT domains. 


modular architecture — A method of programming where multiple separate components are combined into a single logical whole. Each component handles a specific task or a small set of related tasks. Windows 2000 uses such architecture in its kernel mode, particularly for the components that make up its executive services.


mounting a partition — Logically linking a volume to an empty folder on another NTFS volume. It means that you can write data to the path on one volume and have that data actually stored on the mounted volume.


MSInfo32 — A system configuration and documentation utility that reports numerous hardware and software settings. Also called the System Information tool.


multiboot system — A computer that contains two 
or more operating systems and allows the user to 
select which operating system to start during each 
initial system start-up cycle. 


multicast scope — A scope that is used to send collaborative information to a group of computers without the need to manually configure the clients.


multimaster replication — A situation in which 
all domain controllers maintain a read-write copy 
of the database that they replicate to all other 
domain controllers. 


multiple display support — Native support within 
Windows 2000 that allows definition and use of as 
many as nine display monitors. 


multiprocessing — A system with multiple CPUs 
installed. 


My Network Places — The starting point for 
accessing network resources on a Windows 2000 
computer. 




name resolution — The method of converting 
between human-readable names and computer 
names and addresses. 


Name Server — A DNS record that defines which 
server in the domain acts as the name server. 


native mode — The way in which Windows 2000 systems communicate with other Windows 2000 systems.


near-line backup — Data are migrated from the hard 
disk to a slower, but easily accessible media such as 
CD-ROMs. This backup technique allows the data 
to be accessible without using up disk space. 


NetBIOS Enhanced User Interface (NetBEUI) 
— A protocol that can be used in small, nonrouted 
environments. 


network — Two or more computers connected so 
that they can share information and resources. 


network computers — See thin clients. 


Network layer — The layer of the OSI model that 
addresses the messages for delivery. 


network load balancing — A feature that allows 
you to configure your network so that some 
network-based servers, such as Web services, are 
available most of the time. These services can 
therefore be shared between two or more 
Windows 2000 Advanced Server systems and fail 
over between them automatically. 


Network Place — A resource on the network, generally accessed through a shortcut from the My Network Places dialog box.

network redirectors and servers — File system drivers that transfer data to and from network-accessible drives.


network-interface print device — A printing 
device attached to a special network interface 
card that does not require a direct computer 
connection. 


nodes — Individual servers in a cluster. 


nonroutable protocol — A network protocol that 
cannot be used in a routed network environment. 


normal backup — A type of backup that copies every selected file to the backup media and resets the archive bit on the original files. This backup type is the core of a backup strategy.


NT LAN Manager (NTLM) — The default 
authentication protocol used in Windows NT 4. 


NTBACKUP — The backup program that comes 
with Windows 2000. It is accessed by selecting 
Start, Run, and typing NTBACKUP. 


Ntbootdd.sys — A file that appears on 
Windows 2000 and Windows NT systems with 
SCSI controllers that do not have an on-board 
BIOS translation enabled or present. It enables the 
drive controller system on the motherboard to 
control a SCSI adapter and its attached hard drives. 


Ntdetect.com — A core file of Windows 2000 that inventories the computer’s hardware and uses this inventory to build HKLM\Hardware. Every time you boot the machine, Ntdetect.com rechecks all hardware.


Ntdetect.com — A file that is invoked just prior to loading the Windows 2000 executable files from the boot partition. It performs a hardware inspection to create an inventory of devices and their configurations. The configuration that is detected is used to select a hardware profile, which in turn determines which device drivers are loaded.


NTFS (New Technology File System) — The native file system for Windows NT that is extended in Windows 2000. NTFS has many advanced features that make it more efficient and faster on large drives, supports volume mounting, and offers other features such as disk compression, file quotas, and a native encryption system.


Ntldr — The operating system initialization file that 
the computer launches upon the completion of 
the bootstrapping process. It is responsible for 
loading Windows NT or other operating systems 
when it appears on a multiboot system. Ntldr uses 
the Boot.ini file to present a boot menu, which in 
turn is used to select the operating system to be 
launched. 


Ntoskrnl.exe — A file that contains the Windows 2000 kernel, which is the core of the Windows 2000 operating environment. It controls the loading of all other files involved in establishing the computing environment. Ntoskrnl.exe resides on the boot partition in the \Winnt\System32 folder (assuming the default name for the system root is accepted during installation).


object — A component of the Active Directory, 
such as a user, group, computer, or application. 


object attributes — Configuration variables for 
objects. 


object classes — The definitions for new objects 
and for object classes within the Active Directory, 
which are stored within the schema. 


object manager — The part of the executive that 
creates the objects representing executive-level 
structures such as processes and threads. 


offline backup — A backup method in which data 
are copied to removable media, such as a tape. 


Offline Files and Folders — The Windows 2000 
feature that allows users to cache files on their 
local drives for access when they are not 
connected to the network. 


offline folder — A new feature in Windows 2000 that allows you to store commonly accessed network documents on your workstation so that they are available when your system is not connected to the network. Modified files are automatically synchronized when you reconnect to the network and log on.


online — In terms of fault tolerance, when a 
resource provides its service on its node. 


online backup — A backup technique in which a 
copy of the data is maintained at all times on a 
separate and remote system. 


OnNow system — A Microsoft specification that supports hibernation, “instant-on,” and sophisticated power management features. For more information, see the Microsoft Web site: http://www.microsoft.com/hwdev/onnow/.


Open Shortest Path First (OSPF) — A protocol 
used by routers to learn about different routes to 
remote networks. 


Ordinary Safe Mode — An option that loads only the drivers and services required to boot the computer and to provide a simple operating environment.


organizational unit (OU) — A way to maintain a 
set security model for several objects within a 
domain. Similar to Windows NT domains. 


Organizationally Unique Identifier (OUI) — A unique number that is assigned to each network device vendor to ensure that hardware addresses do not overlap.


Osloader.exe — A file that appears only on Alpha systems. It replaces all of the various files found on Intel machines by combining their functions into a single file.


page directory — A collection of page tables for a 
particular process. 


page fault — An event in which the Virtual 
Memory Manager must retrieve data from disk to 
put it back into RAM for a process. 


page fault handler — The part of the Virtual 
Memory Manager that finds the data that’s been 
paged to disk so as to put that data back into RAM. 


page table — A list of page table entries, used to 
map virtual addresses to storage areas in physical 
memory. 


page table entry (PTE) — The entry on a page 
table that contains the mapping of physical storage 
to virtual memory addresses. 


pagefile — Temporary storage space on a hard drive. 


pages — Sections of memory used by an operating 
system to transfer data from the physical memory 
to the swap file and back. Because physical memory 
is much faster than hard disks, paging slows down 
the system considerably. 


paging file — See pagefile. 

partition — A logical division of disk space. A disk must be partitioned, and the partitions formatted, before it can be used. Disks can have a maximum of four partitions without the help of an operating system.




partition table — A table stored in the first sector 
of a hard disk, noting the location and size of 
every partition on the disk and indicating whether 
those partitions are bootable. 


PC Card — Laptop peripheral technology based on 
the CardBus specification. Similar in design to 
PCMCIA cards but operating at a higher bus speed. 


PCI bus — High-performance personal computer bus that allows component-to-component communication without the need for CPU intervention.


PDC emulator — A service that runs on a Windows 2000 system that emulates the single-master replication method used in Windows NT. This service is used until all servers have been upgraded to Windows 2000.


per-seat license — A type of license that permits a 
predefined number of computer connections to 
the operating system or application being licensed. 


per-session license — A type of license that permits a predefined number of simultaneous user connections to the operating system or application being licensed.


Physical layer — The layer of the OSI model that defines the physical structure of the network (copper, fiber, and so on).


physical memory — The memory chips installed in 
the computer that are used for temporary storage 
of process data. Synonymous with random access 
memory (RAM). 


plaintext — Unencrypted data. 


platter — A magnetized metal disk within a hard 
disk—the actual storage medium. 


Plug and Play — A hardware specification that 
allows automatic discovery and configuration of 
hardware devices. 


Plug and Play Manager — The Windows 2000 component that handles operating system recognition of Plug and Play hardware.

Point-to-Point Tunneling Protocol (PPTP) — A 
protocol that is used to encrypt data between a 
server and a client. 


Pointer — A DNS record that resolves a TCP/IP 
address to its Internet name. 


power management — The Windows 2000 component that provides operating system power management features and controls hardware power management features.


Power On, Self-Test (POST) — An internal diagnostic that a computer performs during the earliest phases of the bootstrapping process.


preemptive multitasking — A type of multitasking 
in which the Virtual Memory Manager controls 
who has control of the CPU, rather than giving 
this responsibility to the applications. 


preemptive multitasking — Type of multitasking in which the memory manager controls who has control of the CPU, rather than giving the responsibility to the applications.


Presentation layer — The layer of the OSI model 
that translates data from a format understood by 
the application into a generic format that can be 
understood by other systems. 


primary domain controller (PDC) — The 
Windows NT Server that maintains the master 
copy of the database. 


primary partition — A disk partition on a basic disk that’s designed to hold an operating system (although it doesn’t have to do so—a primary partition might hold only data). One primary partition is marked active, meaning that the computer will boot from it. A disk may hold a maximum of four primary partitions. Primary partitions may not be subdivided.


print device — A physical printing device. 


print driver — A software component that is used 
to translate print jobs into the language used by 
the print device. 


print server — A computer configured to manage the 
printing activities of one or more print devices. 


printer — A software interface between the operat- 
ing system and the physical printing device. 

priority interrupts — A way for hardware devices 
to notify the CPU that they need its attention. 


private key — A key devoted to decrypting data for a 
particular person. Private keys should be kept secure. 


process — The environment defining the resources available to threads, which are the executable parts of an application. Processes define the memory available, any processor affinities, the location where the process page directory is stored in physical memory, and other information that the CPU needs to work with a thread.


processor affinity — In multiprocessor systems, a feature that may be used to tell all threads in a process that they should use one processor in preference to another, even if the preferred processor is busier than the alternative processors.


protocol — A common language that allows heterogeneous systems to communicate and share information on a network.


public key — A key devoted to encrypting data for 
a particular person. A public key only encrypts; it 
does not decrypt. 


published software — Software made available to 
users on an as-needed basis. Users can select from 
the list of published software to determine 
whether they want to install available applications. 


quantum — The number of CPU cycles that a 
thread gets to use when executing. During its 
quantum, a thread gets all of the CPU’s attention. 


quorum resource — A cluster resource that is used 
as a tiebreaker when two servers are trying to 
form a cluster at once. The one with control of 
the quorum resource controls the cluster. 


quota — The amount of disk space to which a user 
has access on a quota-enabled volume. 


RAID 5 volume — A fault-tolerant volume extending over 3 to 32 disks. It works like a stripe set, except that in addition to writing data in stripes across the disks in the volume, it also writes parity information for the volume. If one disk in the RAID 5 volume fails, then the data on that disk may be regenerated from the parity information on the other disks.


RAID 5 volume — An elaboration of disk striping in which parity information for the data written to the volume is also written to the volume. If one disk in a RAID 5 volume fails, the data that it contained may be reconstructed from the parity information on the remaining disks.


read-only attribute — A simple attribute that 
makes it impossible to edit a file. 


Recovery Console — A command-line recovery interface that you can use to repair bits and pieces of Windows 2000 without replacing all configuration settings.


redirector — An Application layer software component that captures application output and redirects it to a different location.


Redundant Array of Independent Disks 
(RAID) — The technique of logically combining 
physical disks to make fault-tolerant disk volumes. 
If one disk in a RAID array fails, the other disk or 
disks can take over until the broken disk may be 
replaced. 


REGEDIT — The 16-bit Registry Editor. 
REGEDIT offers global searching and combines 
all of the keys into a single display. It can be used 
to perform searches, add new subkeys and value 
entries, alter the data in value entries, and import 
and export keys and subkeys. 


REGEDT32 — The 32-bit Registry editor. REGEDT32 offers control over key and value entry security but displays each root key in a separate window. It also offers a read-only mode so that you can explore without accidentally altering value entries. REGEDT32 can be used to perform searches, add new subkeys and value entries, alter the data in value entries, and import and export keys and subkeys.


REG_BINARY — A Registry value entry data type 
that stores data in binary format. 


REG_DWORD — A Registry value entry data type 
that stores data in binary, hex, or decimal format. 


REG_EXPAND_SZ — A Registry value entry 
data type that stores data in an expandable text- 
string format that contains a variable that is 
replaced by an application when it is used (for 
example, %Systemroot%\file.exe). 




REG_MULTI_SZ — A Registry value entry data 
type that stores data in text-string format that 
contains multiple human-readable values separated 
by Null characters. 


REG_SZ — A Registry value entry data type that stores data in text-string format.


Registry — The hierarchical database of system configuration data that is essential to the health and operation of a Windows 2000 system.


Remote Computer Management — A service, 
also included with Windows 2000 Professional, 
that adds the capability to configure the properties 
of any server service or application that might be 
installed on a remote system. 


Remote Display Protocol (RDP) — The specialized protocol developed for Terminal Services that facilitates communication between the client and the server.


Remote Installation Service (RIS) — A service 
that allows for the remote installation of 
Windows 2000 Professional systems from a central 
networked location. 


remote storage — A service that an administrator 
can configure to automatically migrate files that 
are not commonly accessed to a remote storage 
device, such as a tape backup system, so as to free 
up disk space for applications and services that 
require it. 


removing the mirror set — Discarding one half of a mirror set’s data (converting the volume to unallocated space) and reverting the other half to a simple volume.


reparse points — NTFS pointers that may be set into a file path to redirect the path from one volume to another. Reparse points make mounted volumes work.


replica — A copy of part of the directory. 


reserved memory — Virtual memory addresses set aside for a particular process but not yet committed—that is, no space in the paging file has been reserved for them.


resident — Attributes that are stored in the master file table instead of being pointed to are known as resident attributes. Some attributes are required to be resident.


resources — Name resolution information for 
a zone. 


resources — Part of a cluster (hardware or software) that the cluster software manages. The cluster service includes DLLs that represent some common potential resources, and developers can build their own.


reverse lookup zone — A zone that maintains the 
pointer records and resolves IP addresses to names. 


roaming user profile — A user profile stored on a 
network server and downloaded to whichever 
computer a user is currently logged into. Changes 
to the profile are saved to the network server 
when the user logs off. 


root domain — The top-level domain in Active 
Directory (for example, microsoft.com). 


root folder — The folder in the FAT that lists all 
folders in the volume and all files in the root 
directory. A root folder can contain a maximum of 
512 entries. 


routable protocol — A network protocol that can 
be used in a routed environment to communicate 
with remote networks. 


routing — The process of transferring packets of 
information from one network to another network. 


Routing Information Protocol for Internet 
Protocol (RIP for IP) — A protocol used by 
routers to learn about different routes to remote 
networks. 


routing table — A list of available networks and 
interfaces over which a system must communicate 
to contact a remote system. 


runtime environment — The packaging of common control elements for applications to use.


Safe Mode — A way of booting Windows 2000 with 
a minimal set of drivers. It displays the usual desktop 
(although using only the Vga.sys driver) and has no 
networking support. 


Safe Mode (Command Prompt Only) — An option that works like Safe Mode—no networking support, basic VGA video, no extraneous drivers—except that it uses the command prompt (Cmd.exe) for a shell instead of Explorer (Explorer.exe).


Safe Mode with Networking — An option that is just like Safe Mode, except for the addition of network support. You would use this boot option when you want a pared-down version of the operating system, but need network support to fix something.


schema — The way in which the Active Directory 
recognizes different objects. You can modify the 
schema to add information, such as a user’s picture. 


secret key communication — The method of 
authentication on which Kerberos is based, where 
a client and server must both know and use the 
same cryptographic key to protect the network. 


sector — The smallest physical unit of storage on a hard disk.


security ID (SID) — The unique identifier that is 
determined by the security restrictions of the user 
group to which you belong and any settings that the 
administrator has applied directly to your account. 


security identification (SID) number — A 
unique number assigned by Windows 2000 to 
each user account. 


Security log — An Event Viewer log that records 
security-related events. 


security principal — A Windows 2000 computer 
in a domain using Kerberos. 


selection information file — The file in which 
backups are stored. This file has a .bks extension. 


service — A software component that exists on servers that run in the background so as to perform normal server operations, such as file and print sharing, Web and FTP services, and DNS services.


Service Location — Allows you to configure services that are located on remote systems.


service pack — A collection of code replacements, patches, error corrections, new applications, version improvements, or service-specific configuration settings that correct, replace, or hide the deficiencies of the original product, preceding service packs, or hot fixes.


Services for Macintosh — A service that connects Apple Macintosh systems to a Windows 2000 system and allows file and print sharing.


Session layer — The layer of the OSI model that 
initiates and maintains communication between 
different systems on the network. 


simple volume — A volume on a dynamic disk 
that exists on a single disk. Simple volumes may be 
expanded on the same disk or made into spanned 
volumes that extend to another physical disk. 


smart terminal — A computer that has only a monitor and a keyboard with a network attachment.


spanned volume — A volume that extends over 
two or more dynamic disks. 


sparse files — Files marked with an attribute that says, “Only provide space in the paging file for the parts of this file that actually have data in them, instead of strings of 0s.” The data have pointers to the places where the long strings of 0s can be, so that they can be filled in as necessary, but sparse files save room in the paging file and in memory by allocating only the storage that’s actually needed.


spawn — Same as launch. The process of executing 
an application. 


standard primary zone — The authority for the 
zone. It is in charge of all changes to the domains. 


standard secondary zone — A read-only copy of 
the standard primary zone database. It is used for 
fault tolerance and load balancing. 


Start of Authority (SOA) — A DNS record that 
defines the different timeout and TTL values for 
the domain. 


static routing — A system in which the network 
administrator must manually configure all paths 
from one network to another. 


stripe set — A volume that extends over two or 
more dynamic disks, but which reduces disk read 
and write times by writing data to all disks in 
stripes, instead of filling up the volume from back 
to front as normal volumes do. 




stripe set with parity — See RAID 5 volume. 


striped volume — Same as a stripe set, but for 
dynamic disks. 


subkey — A sublevel division of a Registry key. A 
subkey can contain other subkeys and value 
entries. 


subnet — A logical boundary on a network. 


superscope — A process of combining two or more scopes to group them into a single administrative unit. 


surface — The side of a disk platter. Each platter has 
two surfaces. 


symmetric encryption — A method of data 
encryption that uses the same algorithm to 
encrypt and decrypt plaintext. 


system attribute — A simple attribute that identifies 
a file as part of the operating system. 


system buses — The Windows 2000 component 
that recognizes and controls system buses such as 
PCI, CardBus, FireWire, and USB. 


System log — An Event Viewer log that records 
information and alerts about Windows 2000's 
internal processes. 


system page — Chunks of memory, as viewed by 
a processor. The system page for an x86 machine 
is 4 KB in size; for an Alpha machine, it is 8 KB 
in size. 


system partition — The partition that contains the 
files used to initialize the Windows 2000 loading 
process. 


System State — An option that allows you to 
choose which components to back up, such as the 
Active Directory, the boot files, and the Registry. 


System State data — Windows 2000's name for system configuration information. System state data include the Registry, the boot files, the class registration database, and, if applicable, the certificate services database, Active Directory structure, and SYSVOL. 


task switching — A method of multitasking in which the user may switch between applications. The application in the foreground gets all CPU cycles; the background applications get none. 


terminal server client access license (TSCAL) — A type of license that permits the computer to which it’s assigned to run a session from a terminal server. 


Terminal Services — The Windows 2000 component that provides access to the Windows 2000 console for many types of clients. Similar to terminal functions in a mainframe environment. 


terminal services — A service that provides Windows 2000 Server systems with the ability to support multiple client sessions running on a single computer. This feature greatly reduces TCO by minimizing the amount of hardware and software upgrades needed for each individual client system. 


thin clients — A low-cost, low-powered desktop 
environment with just enough CPU power and 
memory to handle local input and output tasks. 

thread — An entity within a process for which 
Win2K schedules CPU time to execute a function 
of some kind. When a thread has finished its job, it 
terminates. 


thread — The executable element of an application. 


thread state — Any one of five states that a thread 
may be in, defining its readiness to use the CPU. 


threading — A way for a single task to operate multiple related activities in parallel without imposing the delays associated with a typical context switch. 


ticket — A data structure generated by the KDC 
when a client computer asks the KDC for a secret 
key. The server's half of the secret key is embedded 
in the ticket and encrypted with the key that the 
KDC and the server have in common. 


time slicing — A fixed length of time that the system allows a single task to occupy the CPU. 


Tower of Hanoi (ToH) — A backup scheme that uses five tapes in rotation to create a 32-week record of normal backups. Because this backup scheme does not include differential or incremental backups, it should not be used as the sole backup plan. 


track — A concentric circle traced on the surface of 
a platter, used to physically divide storage space. 


transaction log — A list of changes to the volume structure maintained by NTFS. When changes are complete, they’re listed in the transaction log as being committed. If the disk stops working, when it restarts, NTFS rolls back the volume structure to its form at the last committed change. This technique prevents the volume structure from being corrupted by half-made changes. 


transitive trust — A relationship that states that if 
domain A trusts domain B, and domain B trusts 
domain C, then domain A will automatically 
trust domain C. 


Transmission Control Protocol/Internet Protocol (TCP/IP) — The protocol for the Internet. It allows for the connection of large networks in different geographical locations. 


Transport Driver Interface (TDI) — The specification to which all transport protocols must be written so that they can be used by higher-layer services, such as programming interfaces, file systems, and interprocess communication mechanisms. 


Transport layer — The layer of the OSI model that 
is responsible for ensuring error-free transmission 
and reception of data. 


tree — A collection of domains that use the same 
contiguous namespace. 


trim — The procedure in which some of a process’s 
working set is moved to the paging file to free 
room in physical memory. 


trust relationship — A relationship that is set up 
between domains so that one domain can trust 
resources from another domain. 


tunnel — A communication mechanism used by 
VPNs to establish a second, secure session between 
a client and remote server. 


unallocated space — An area of a physical disk that 
has not yet been partitioned. 


Universal Serial Bus (USB) — A new high-speed 
serial bus that supports 127 peripheral devices and 
automatic device configuration. 




user mode — A restricted kind of access to CPU 
functions and virtual memory. User mode limits user 
applications to using per-process virtual memory 
addresses and a subset of CPU functions, allowing 
them to request kernel-mode functions but not to 
read or write data in system areas. 

user profile — A file containing environment settings, which is loaded when a person logs onto a computer or domain. User profiles may be stored on the local computer or on a server, and may be either user-definable or locked down. 

value — The actual data stored by a value entry. 

value entry — A named Registry variable that 
stores a specific value or data string. A Registry 
value entry’s name is typically a multiword phrase 
without spaces that uses title capitalization. 


variable priority thread — A thread with a base priority from 1 to 15 that may have a higher priority if the dispatcher thinks it appropriate. A variable priority thread may never have a priority higher than 15. 


VGA Mode — An advanced boot option that boots 
Windows 2000 as usual, except that it uses the 
generic Vga.sys instead of the video driver you 
have installed. It is useful for fixing problems 
related to bad or incompatible video drivers. 


virtual directories — Folders used by the Web service to provide content to the Internet. 


Virtual DOS Machine — A software environment 
within Windows 2000 that supports legacy DOS 
programs running in a protected environment space. 


virtual machine — A software construct that creates a computer environment for each process, so that the process appears to be the exclusive resident of the physical machine. In Windows 2000, application subsystems construct virtual machines for processes. When a process requests access to a resource (whether memory, CPU time, keyboard input, display changes, or hard drive resources), the virtual machine relays that request to the application subsystem in which the virtual machine resides. This subsystem, in turn, passes the request to the appropriate executive service in the kernel mode. 




virtual machines — A way for Windows 2000 to 
let non-Windows 2000 applications run on the 
system. It emulates the native operating system of 
the application. 


virtual memory — A mechanism by which RAM 
is supplemented with disk space to make it appear 
that the computer has more memory installed 
than it really does. 

virtual memory — A method of using both hard 
disk space and physical RAM to make it appear as 
though a computer has as much as 4 GB of RAM. 


virtual multitasking — A way of making a computer appear as if it is executing more than one thing at a time. 


virtual private network (VPN) — A secure connection between a client and a private network over the Internet. 


virtual server — The name by which the nodes in a 
cluster are collectively known. Clients connect to 
the virtual server, not to the individual nodes 
within the server. 


volume — Another name for a partition—a logical 
division of physical disk space. Most often, volumes 
refer to areas on dynamic disks, whereas partitions 
refer to the division of basic disks. 


VxD driver — The legacy device driver model, still supported under Windows 2000, that requires much more development effort than corresponding WDM drivers. 


wide area network (WAN) — A group of computers that are networked over great distances, such as between cities. 

Win32 Driver Model (WDM) — The new Windows driver model that allows simplified device driver development such that one driver can be used on both Windows 2000 and Windows 98 systems. 


Windows clustering — A feature that allows for 
the implementation of Windows 2000 clusters. A 
cluster can automatically detect if an application, 
service, or server fails and then migrate the failed 
component to another system in the cluster. It is 
designed for mission-critical applications and 
servers. 


Windows Internet Name Service (WINS) — A service that resolves NetBIOS names (or computer names) to TCP/IP addresses. 


Windows NT domain — A logical collection of 
Windows NT computers that share the same user 
database and security models. 


WINS — A DNS record that defines the TCP/IP 
address of one or more WINS servers on the 
network. 

working set — Data that the thread in a process is 
currently using and that is stored in RAM. 


working set — The data that the threads in a 
process have stored in physical memory. The 
working set may grow or shrink depending on 
how much physical memory is available, but the 
process may not use any data that is not in its 
working set. 


zone — A logical group of addresses. 


zone database file — A simple text file in a standard zone that is used by DNS to resolve TCP/IP names and addresses. 


zone transfer — The process of transferring information between standard primary and standard secondary servers. 


